omniauth-shibboleth 1.1.2 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +21 -5
- data/lib/omniauth-shibboleth/version.rb +1 -1
- data/lib/omniauth/strategies/shibboleth.rb +13 -4
- data/spec/omniauth/strategies/shibboleth_spec.rb +63 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cbc1910339ca687b35d3e2120072009e39dca66a
|
|
4
|
+
data.tar.gz: 60215822a0ac07502b0dcee32545d18c0e2dc160
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f58cc5c54b07a092f15984b1aa6290d21a7271c4e16933b2d0b6b99639bf8881a1ffe9a03503083be69f8f834bf27c9b843d3c9e52b8bc9a217fe485c2703a3d
|
|
7
|
+
data.tar.gz: 2b29dcaa1c212ad9b6825b184b1ba766626685d3212daaa1afe7805c9898b6590a7c9df5e62be68bfb874e3e74caa566d651b174e6f9ed124cac0d8a02cd94ed
|
data/README.md
CHANGED
|
@@ -18,15 +18,12 @@ https://github.com/toyokazu/omniauth-shibboleth/issues
|
|
|
18
18
|
|
|
19
19
|
## Getting Started
|
|
20
20
|
|
|
21
|
-
###
|
|
22
|
-
|
|
23
|
-
% gem install omniauth-shibboleth
|
|
24
|
-
|
|
25
|
-
### Setup Gemfile
|
|
21
|
+
### Setup Gemfile and Install
|
|
26
22
|
|
|
27
23
|
% cd rails-app
|
|
28
24
|
% vi Gemfile
|
|
29
25
|
gem 'omniauth-shibboleth'
|
|
26
|
+
% bundle install
|
|
30
27
|
|
|
31
28
|
### Setup Shibboleth Strategy
|
|
32
29
|
|
|
@@ -69,6 +66,25 @@ These can be changed by :uid_field, :name_field option. You can also add any "in
|
|
|
69
66
|
|
|
70
67
|
In the previous example, Shibboleth strategy does not pass any :info fields and use 'uid' attribute as uid fields.
|
|
71
68
|
|
|
69
|
+
### More flexible attribute configuration
|
|
70
|
+
|
|
71
|
+
If you need more flexible attribute definition, you can use lambda (Proc) to define your attributes. In the following example, 'uid' attribute is chosen from 'eppn' or 'mail', 'info'/'name' attribute is defined as a concatenation of 'cn' and 'sn' and 'info'/'affiliation' attribute is defined as 'affiliation'@my.localdomain. 'request_param' parameter is a method defined in OmniAuth::Shibboleth::Strategy. You can specify attribute names by downcase strings in either request_type, :env, :header and :params.
|
|
72
|
+
|
|
73
|
+
% vi config/initializer/omniauth.rb
|
|
74
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
75
|
+
provider :shibboleth, {
|
|
76
|
+
:uid_field => lambda {|request_param| request_param.call('eppn') || request_param.call('mail')},
|
|
77
|
+
:name_field => lambda {|request_param| "#{request_param.call('cn')} #{request_param.call('sn')}"},
|
|
78
|
+
:info_fields => {
|
|
79
|
+
:affiliation => lambda {|request_param| "#{request_param.call('affiliation')}@my.localdomain"},
|
|
80
|
+
:email => "mail",
|
|
81
|
+
:location => "contactAddress",
|
|
82
|
+
:image => "photo_url",
|
|
83
|
+
:phone => "contactPhone"
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
end
|
|
87
|
+
|
|
72
88
|
### !!!NOTICE!!! devise integration issue
|
|
73
89
|
|
|
74
90
|
When you use omniauth with devise, the omniauth configuration is applied before devise configuration and some part of the configuration overwritten by the devise's. It may not work as you assume. So thus, in that case, currently you should write your configuration only in device configuration.
|
|
@@ -57,17 +57,26 @@ module OmniAuth
|
|
|
57
57
|
return fail!(:no_shibboleth_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
|
|
58
58
|
super
|
|
59
59
|
end
|
|
60
|
+
|
|
61
|
+
def option_handler(option_field)
|
|
62
|
+
if option_field.class == String ||
|
|
63
|
+
option_field.class == Symbol
|
|
64
|
+
request_param(option_field.to_s)
|
|
65
|
+
elsif option_field.class == Proc
|
|
66
|
+
option_field.call(self.method(:request_param))
|
|
67
|
+
end
|
|
68
|
+
end
|
|
60
69
|
|
|
61
70
|
uid do
|
|
62
|
-
|
|
71
|
+
option_handler(options.uid_field)
|
|
63
72
|
end
|
|
64
73
|
|
|
65
74
|
info do
|
|
66
75
|
res = {
|
|
67
|
-
:name
|
|
76
|
+
:name => option_handler(options.name_field)
|
|
68
77
|
}
|
|
69
|
-
options.info_fields.each_pair do |
|
|
70
|
-
res[
|
|
78
|
+
options.info_fields.each_pair do |key, field|
|
|
79
|
+
res[key] = option_handler(field)
|
|
71
80
|
end
|
|
72
81
|
res
|
|
73
82
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
#require 'pry-byebug'
|
|
1
2
|
require 'spec_helper'
|
|
2
3
|
|
|
3
4
|
def make_env(path = '/auth/shibboleth', props = {})
|
|
@@ -54,7 +55,8 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
|
54
55
|
@dummy_id = 'abcdefg'
|
|
55
56
|
@eppn = 'test@example.com'
|
|
56
57
|
@display_name = 'Test User'
|
|
57
|
-
|
|
58
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'eppn' => @eppn, 'displayName' => @display_name)
|
|
59
|
+
response = strategy.call!(env)
|
|
58
60
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
|
|
59
61
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
|
60
62
|
end
|
|
@@ -65,18 +67,21 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
|
65
67
|
:shib_session_id_field => 'Shib-Session-ID',
|
|
66
68
|
:shib_application_id_field => 'Shib-Application-ID',
|
|
67
69
|
:uid_field => :uid,
|
|
68
|
-
:name_field => :
|
|
70
|
+
:name_field => :sn,
|
|
71
|
+
#:name_field => :displayName,
|
|
69
72
|
:info_fields => {},
|
|
70
73
|
:extra_fields => [:o, :affiliation] } }
|
|
71
|
-
let(:app){ lambda{|env| [404, {}, ['
|
|
74
|
+
let(:app){ lambda{|env| [404, {}, ['Not Found']]}}
|
|
72
75
|
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
|
73
76
|
|
|
74
77
|
it 'is expected to set specified omniauth.auth fields' do
|
|
75
78
|
@dummy_id = 'abcdefg'
|
|
76
79
|
@uid = 'test'
|
|
80
|
+
@sn = 'User'
|
|
77
81
|
@organization = 'Test Corporation'
|
|
78
82
|
@affiliation = 'faculty'
|
|
79
|
-
|
|
83
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
|
84
|
+
response = strategy.call!(env)
|
|
80
85
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
|
81
86
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
|
82
87
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
|
@@ -85,6 +90,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
|
85
90
|
|
|
86
91
|
context 'with debug options' do
|
|
87
92
|
let(:options){ { :debug => true} }
|
|
93
|
+
let(:app){ lambda{|env| [404, {}, ['Not Found']]}}
|
|
88
94
|
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
|
89
95
|
|
|
90
96
|
it 'is expected to raise environment variables' do
|
|
@@ -106,6 +112,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
|
106
112
|
:name_field => :displayName,
|
|
107
113
|
:info_fields => {},
|
|
108
114
|
:extra_fields => [:o, :affiliation] } }
|
|
115
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
|
109
116
|
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
|
110
117
|
|
|
111
118
|
it 'is expected to handle header variables' do
|
|
@@ -132,6 +139,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
|
132
139
|
:name_field => :displayName,
|
|
133
140
|
:info_fields => {},
|
|
134
141
|
:extra_fields => [:o, :affiliation] } }
|
|
142
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
|
135
143
|
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
|
136
144
|
|
|
137
145
|
it 'is expected to handle header variables' do
|
|
@@ -158,6 +166,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
|
158
166
|
:name_field => :displayName,
|
|
159
167
|
:info_fields => {},
|
|
160
168
|
:extra_fields => [:o, :affiliation] } }
|
|
169
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
|
161
170
|
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
|
162
171
|
|
|
163
172
|
it 'is expected to handle params variables' do
|
|
@@ -174,5 +183,55 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
|
174
183
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
|
175
184
|
end
|
|
176
185
|
end
|
|
186
|
+
|
|
187
|
+
context 'with Proc option' do
|
|
188
|
+
let(:options){ {
|
|
189
|
+
:request_type => :env,
|
|
190
|
+
:shib_session_id_field => 'Shib-Session-ID',
|
|
191
|
+
:shib_application_id_field => 'Shib-Application-ID',
|
|
192
|
+
:uid_field => lambda {|request_param| request_param.call('eppn') || request_param.call('mail')},
|
|
193
|
+
:name_field => lambda {|request_param| "#{request_param.call('cn')} #{request_param.call('sn')}"},
|
|
194
|
+
:info_fields => {:affiliation => lambda {|request_param| "#{request_param.call('affiliation')}@my.localdomain" }},
|
|
195
|
+
:extra_fields => [:o, :affiliation] } }
|
|
196
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
|
197
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
|
198
|
+
|
|
199
|
+
it 'is expected to have eppn as uid and cn + sn as name field.' do
|
|
200
|
+
@dummy_id = 'abcdefg'
|
|
201
|
+
@display_name = 'Test User'
|
|
202
|
+
@uid = 'test'
|
|
203
|
+
@eppn = 'test@my.localdomain'
|
|
204
|
+
@cn = 'Test'
|
|
205
|
+
@sn = 'User'
|
|
206
|
+
@organization = 'Test Corporation'
|
|
207
|
+
@affiliation = 'faculty'
|
|
208
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'eppn' => @eppn, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
|
209
|
+
response = strategy.call!(env)
|
|
210
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
|
|
211
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
|
|
212
|
+
expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
|
|
213
|
+
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
|
214
|
+
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
|
215
|
+
end
|
|
216
|
+
|
|
217
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
|
218
|
+
it 'is expected to have mail as uid and cn + sn as name field.' do
|
|
219
|
+
@dummy_id = 'abcdefg'
|
|
220
|
+
@display_name = 'Test User'
|
|
221
|
+
@uid = 'test'
|
|
222
|
+
@mail = 'test@my.localdomain'
|
|
223
|
+
@cn = 'Test'
|
|
224
|
+
@sn = 'User'
|
|
225
|
+
@organization = 'Test Corporation'
|
|
226
|
+
@affiliation = 'faculty'
|
|
227
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'mail' => @mail, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
|
228
|
+
response = strategy.call!(env)
|
|
229
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@mail)
|
|
230
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
|
|
231
|
+
expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
|
|
232
|
+
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
|
233
|
+
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
|
234
|
+
end
|
|
235
|
+
end
|
|
177
236
|
end
|
|
178
237
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-shibboleth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Toyokazu Akiyama
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-11-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth
|